lightning-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted on: October 19, 2023 16:23 UTC
The email discusses a potential solution to defend against an attack on the Lightning Network protocol.
The suggestion is to have the honest node aggressively fee-bump and retransmit the HTLC-timeout transaction as the CLTV delta deadline approaches. Under this "scorched earth" approach, the node increases the fee by 1/10th of the HTLC value for each non-confirmation within 10 blocks of the deadline.
The purpose of this strategy is to make it more costly for the attacker to replace the HTLC-timeout transactions. Each replacement would require the attacker to burn at least as much as the HTLC-timeout fees. Additionally, the attacker would need to perform a replacement every time the honest node fee bumps.
While this fee-bumping policy may result in considerable fees for the honest node, it is believed to be a sufficient defense against the attacker. Even if the attacker is directly cycling replacements in miners' mempools and the victim has no visibility into the attack, the fee-bumping policy aims to protect the honest node.
By following this approach, the honest node can increase the cost for the attacker and potentially deter them from carrying out the attack. It provides a proactive defense mechanism that aims to safeguard the integrity of the Lightning Network protocol.
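The schedule summarized above can be modeled in a few lines. This is an added example, not code from the email or from any Lightning implementation. The function names, the zero base fee, the cap at the HTLC value, and the 1,000,000 sat sample HTLC are assumptions of this sketch; the attacker cost follows the summary's statement that each replacement burns at least the fee of the HTLC-timeout it replaces.

```python
"""Added example: model of the scorched-earth fee schedule (constructed values)."""
from dataclasses import dataclass

@dataclass
class Round:
    blocks_to_deadline: int   # blocks left before the CLTV deadline
    defender_fee_sat: int     # fee on the HTLC-timeout rebroadcast this block
    attacker_total_sat: int   # minimum cumulative burn if every bump is replaced

def scorched_earth_schedule(htlc_value_sat, base_fee_sat=0, window=10):
    """Fee rises by 1/10th of the HTLC value per unconfirmed block in the window.

    Assumptions of this sketch: the fee is capped at the HTLC value, and each
    replacement costs the attacker at least the fee of the HTLC-timeout it evicts.
    """
    if htlc_value_sat <= 0 or base_fee_sat < 0 or window <= 0:
        raise ValueError("invalid HTLC value, base fee or window")
    step = htlc_value_sat // 10
    fee, burned, rounds = base_fee_sat, 0, []
    for blocks_left in range(window, 0, -1):
        fee = min(fee + step, htlc_value_sat)   # bump after another non-confirmation
        burned += fee                           # attacker must outbid this broadcast
        rounds.append(Round(blocks_left, fee, burned))
    return rounds

def break_even_round(rounds, htlc_value_sat):
    """1-based bump at which the attacker has burned more than the HTLC is worth."""
    for i, r in enumerate(rounds, start=1):
        if r.attacker_total_sat > htlc_value_sat:
            return i
    return None

if __name__ == "__main__":
    value = 1_000_000  # constructed sample HTLC, in satoshis
    sched = scorched_earth_schedule(value)
    for r in sched:
        print(f"{r.blocks_to_deadline:>2} blocks left: fee {r.defender_fee_sat:>9} sat, "
              f"attacker burned >= {r.attacker_total_sat:>9} sat")
    print("attacker underwater from bump", break_even_round(sched, value))
```

Under these assumptions the attacker's cumulative burn grows quadratically while the honest node pays only the fee of the one broadcast that finally confirms.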